package Session;  
/*
 * Copyright 2004 The Apache Software Foundation
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
/* $Id: SessionExample.java,v 1.4 2004/03/18 16:40:33 jfarcand Exp $
 *
 */

import java.io.*;
import java.text.*;
import java.util.*;
import javax.servlet.*;
import javax.servlet.http.*;

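/**
 * Example servlet showing the current HTTP session: its id and timestamps,
 * the attributes stored in it, and two forms for adding a new attribute.
 *
 * @author James Duncan Davidson <duncan@eng.sun.com>
 */
public class SessionExample extends HttpServlet {

  /** Localised strings for the page, loaded once when the servlet is created. */
  ResourceBundle rb = ResourceBundle.getBundle("LocalStrings");

  /**
   * Renders the session page. If both the {@code dataname} and
   * {@code datavalue} request parameters are present, the pair is stored as a
   * session attribute first so that it shows up in the listing.
   *
   * @param request the current request; a session is created if none exists
   * @param response receives the HTML page
   * @throws IOException if the response writer cannot be obtained or written
   * @throws ServletException declared by the servlet contract; not thrown here
   */
  @Override
  public void doGet(HttpServletRequest request, HttpServletResponse response)
      throws IOException, ServletException {
    // Declare the charset explicitly so the browser does not have to guess
    // the encoding of the request-supplied text echoed further down.
    response.setContentType("text/html;charset=UTF-8");

    PrintWriter out = response.getWriter();
    String title = rb.getString("sessions.title");
    writeHead(out, title);

    HttpSession session = request.getSession(true);
    writeSessionInfo(out, session);

    // Both values come straight from the request. The name becomes a key in
    // the session's attribute namespace, which this servlet shares with every
    // other component of the webapp, so a real application should accept only
    // a known set of keys here rather than an arbitrary name.
    String dataName = request.getParameter("dataname");
    String dataValue = request.getParameter("datavalue");
    if (dataName != null && dataValue != null) {
      session.setAttribute(dataName, dataValue);
    }

    writeAttributes(out, session);

    out.println("<P>");
    writeDataForm(out, response, "POST");

    out.println("<P>GET based form:<br>");
    writeDataForm(out, response, "GET");

    out.print("<p><a href=\"");
    out.print(response
        .encodeURL("SessionExample?dataname=foo&datavalue=bar"));
    out.println("\" >URL encoded </a>");

    // Close the document exactly once.
    out.println("</body>");
    out.println("</html>");
  }

  /**
   * Same as GET, so the POST form on the page behaves like the GET one.
   *
   * @param request the current request
   * @param response receives the HTML page
   * @throws IOException if the response writer cannot be obtained or written
   * @throws ServletException declared by the servlet contract; not thrown here
   */
  @Override
  public void doPost(HttpServletRequest request, HttpServletResponse response)
      throws IOException, ServletException {
    doGet(request, response);
  }

  /**
   * Writes the document head, the single opening {@code <body>}, the
   * "view code" / "return" navigation images and the page heading.
   *
   * @param out the page writer
   * @param title page title, taken from the resource bundle (not from the
   *     request), which is why it is written unescaped
   */
  private static void writeHead(PrintWriter out, String title) {
    out.println("<html>");
    out.println("<head>");
    out.println("<title>" + title + "</title>");
    out.println("</head>");
    // The head must not be nested inside the body; the body is opened once,
    // here, carrying the background colour.
    out.println("<body bgcolor=\"white\">");

    // XXX the image links are relative ("../") until the addition of a
    // PathInfo issue is worked out.
    out.println("<a href=\"../sessions.html\">");
    out.println("<img src=\"../images/code.gif\" height=24 "
        + "width=24 align=right border=0 alt=\"view code\"></a>");
    out.println("<a href=\"../index.html\">");
    out.println("<img src=\"../images/return.gif\" height=24 "
        + "width=24 align=right border=0 alt=\"return\"></a>");

    out.println("<h3>" + title + "</h3>");
  }

  /**
   * Writes the session id and its creation / last-accessed timestamps.
   *
   * @param out the page writer
   * @param session the session being shown
   */
  private void writeSessionInfo(PrintWriter out, HttpSession session) {
    // Rendering the session id is the point of this demo, but the id is the
    // session credential, so a real application should not print it into
    // page content.
    out.println(rb.getString("sessions.id") + " " + session.getId());
    out.println("<br>");
    out.println(rb.getString("sessions.created") + " ");
    out.println(new Date(session.getCreationTime()) + "<br>");
    out.println(rb.getString("sessions.lastaccessed") + " ");
    out.println(new Date(session.getLastAccessedTime()));
  }

  /**
   * Lists every attribute currently in the session as {@code name = value}
   * lines.
   *
   * @param out the page writer
   * @param session the session whose attributes are listed
   */
  private void writeAttributes(PrintWriter out, HttpSession session) {
    out.println("<P>");
    out.println(rb.getString("sessions.data") + "<br>");
    Enumeration<String> names = session.getAttributeNames();
    while (names.hasMoreElements()) {
      String name = names.nextElement();
      // Another request on the same session may remove the attribute between
      // enumerating the names and reading it; valueOf tolerates that instead
      // of failing with a NullPointerException on toString().
      String value = String.valueOf(session.getAttribute(name));
      // Names and values are request-supplied, so they are escaped before
      // being reflected into the page.
      out.println(HTMLFilter.filter(name) + " = "
          + HTMLFilter.filter(value) + "<br>");
    }
  }

  /**
   * Writes the data-entry form. The POST and GET forms are identical apart
   * from the HTTP method, so both are produced here.
   *
   * @param out the page writer
   * @param response used to URL-encode the form action (session tracking)
   * @param method {@code "POST"} or {@code "GET"}, written verbatim into the
   *     form's {@code method} attribute
   */
  private void writeDataForm(PrintWriter out, HttpServletResponse response,
      String method) {
    out.print("<form action=\"");
    out.print(response.encodeURL("SessionExample"));
    out.print("\" ");
    out.println("method=" + method + ">");
    out.println(rb.getString("sessions.dataname"));
    out.println("<input type=text size=20 name=dataname>");
    out.println("<br>");
    out.println(rb.getString("sessions.datavalue"));
    out.println("<input type=text size=20 name=datavalue>");
    out.println("<br>");
    out.println("<input type=submit>");
    out.println("</form>");
  }

}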

/*
 * Copyright 2004 The Apache Software Foundation
 * 
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not
 * use this file except in compliance with the License. You may obtain a copy of
 * the License at
 * 
 * http://www.apache.org/licenses/LICENSE-2.0
 * 
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
 * License for the specific language governing permissions and limitations under
 * the License.
 */

/**
 * HTML filter utility.
 * 
 * @author Craig R. McClanahan
 * @author Tim Tye
 * @version $Revision: 1.2 $ $Date: 2004/03/18 16:40:34 $
 */

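final class HTMLFilter {

  /**
   * Escapes the characters that are sensitive in HTML element content:
   * {@code <}, {@code >}, {@code &} and {@code "}. Apply it to any
   * request-supplied text before echoing it into a page so that it is
   * rendered as text rather than parsed as markup. The single quote is left
   * untouched, so the result is only safe in element content or inside
   * double-quoted attribute values, not single-quoted ones.
   *
   * @param message the text to escape; may be {@code null}
   * @return the escaped text, or {@code null} when {@code message} is
   *     {@code null}
   */
  public static String filter(String message) {
    if (message == null) {
      return null;
    }

    // Each escape expands one character to up to six, so leave some slack.
    // No synchronisation is needed on a local buffer, hence StringBuilder.
    StringBuilder result = new StringBuilder(message.length() + 50);
    for (char c : message.toCharArray()) {
      switch (c) {
      case '<':
        result.append("&lt;");
        break;
      case '>':
        result.append("&gt;");
        break;
      case '&':
        result.append("&amp;");
        break;
      case '"':
        result.append("&quot;");
        break;
      default:
        result.append(c);
      }
    }
    return result.toString();
  }

}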